PT-2025-8796 · Linux+4 · Linux Kernel+4

Vaishnavi Bhat · Published 2025-01-13 · Updated 2025-07-16 · CVE-2025-21713

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability has been identified in the powerpc/pseries/iommu component of the Linux kernel. When a user attempts to use the same vfio container that is used by a different iommu group on pSeries, spapr_tce_set_window() returns -EPERM, and the subsequent cleanup crashes with a kernel NULL pointer dereference on read. The vulnerability can be exploited, as indicated by the kernel's attempt to read a user page. The functions involved in the crash are spapr_tce_unset_window() and tce_iommu_attach_group().

Recommendations

To resolve this issue, apply the fix that adds a NULL check for the tbl passed to spapr_tce_unset_window(). The check prevents the kernel NULL pointer dereference on read and so avoids the crash. As a temporary workaround, consider restricting access to the vfio_iommu_spapr_tce module to minimize the risk of exploitation until the patch is applied.
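
A simplified user-space model of the failure path and the NULL check described above, added here as an illustration; it is not kernel source or the upstream patch. All type and function names are hypothetical and only mirror the roles of the set-window, unset-window and attach-group steps, and the early return of 0 is an assumption of the model.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model only: hypothetical types, not kernel structures. */
struct table { int mapped; };
struct group { int id; struct table *tbl; };   /* tbl is NULL until a window is set */
struct container { int owner_id; };            /* 0 = unused */

/* Set step: refuses a container that another group already uses. */
static int set_window(struct container *c, struct group *g, struct table *t)
{
    if (c->owner_id && c->owner_id != g->id)
        return -EPERM;                         /* g->tbl is left NULL */
    c->owner_id = g->id;
    t->mapped = 1;
    g->tbl = t;
    return 0;
}

/* Cleanup step with the NULL check: a window never set has nothing to unset. */
static int unset_window(struct group *g)
{
    struct table *t = g->tbl;
    if (!t)
        return 0;                              /* without this, t->mapped reads through NULL */
    t->mapped = 0;
    g->tbl = NULL;
    return 0;
}

/* Attach: on failure the cleanup runs even though no window was set. */
static int attach_group(struct container *c, struct group *g, struct table *t)
{
    int ret = set_window(c, g, t);
    if (ret)
        unset_window(g);
    return ret;
}

/* Constructed scenario: group 2 tries the container group 1 already uses. */
int second_group_attach(void)
{
    struct container c = { 0 };
    struct table t1 = { 0 }, t2 = { 0 };
    struct group g1 = { 1, NULL }, g2 = { 2, NULL };
    if (attach_group(&c, &g1, &t1) != 0 || !t1.mapped)
        return 1;                              /* unexpected: first attach failed */
    return attach_group(&c, &g2, &t2);         /* -EPERM, and no crash in cleanup */
}
```

In the model the second attach fails cleanly with -EPERM; removing the `if (!t)` check makes the same call path read through a NULL pointer in the cleanup step.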

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-12204
CVE-2025-21713
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7521-1
USN-7521-2
USN-7521-3

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu